directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Lowden <>
Subject Adding a prescriptiveACI for multiple user groups
Date Tue, 13 Nov 2012 13:32:15 GMT

I wonder if someone could point out if I'm doing anything wrong here, or if this *should*
work and just doesn't.

I'm implementing an access control list by creating an accessControlSubentry class and within
that class giving it a prescriptiveACI attribute which I would like to be applied to multiple
userGroup instances:

userGroup { "cn=Group 1,ou=groups,ou=system" },
userGroup { "cn=Group 2,ou=groups,ou=system" }

However, when I do this I get an error saying the following:

#!ERROR [LDAP: error code 21 - INVALID_ATTRIBUTE_SYNTAX: failed for MessageType : ADD_REQUEST
Message ID : 448     Add Request : Entry     ...' for the AttributeType 'ATTRIBUTE_TYPE (  NAME 'prescriptiveACI'  DESC Access control information that applies to a set of
entries  EQUALITY directoryStringFirstComponentMatch  SYNTAX
 USAGE directoryOperation  ) ']

If I only have one userGroup within the userClasses then it works fine, but this means that
I need to split each userGroup out into its own prescriptiveACI entry, each with identical

Am I doing something wrong here with my userClasses definition, or can you not have more than
one group?




The Company gives no warranty as to the accuracy or completeness of electronic mail messages
sent over the Internet and accepts no responsibility for changes made after it was sent. Any
opinion expressed in this email may be personal to the author, may not necessarily reflect
the opinions of the Company or its affiliates and may be subject to change without notice.

The information contained in this communication is confidential and/or proprietary business
or technical data. If you are not the intended recipient, you are hereby notified that any
dissemination, copying or distribution of this communication, or the taking of any action
in reliance on the contents of this communication, is strictly prohibited. If you have received
this communication in error, please immediately notify us electronically by return message,
and delete or destroy all copies of this communication.

Quicksilva Limited, Reg No 3860799, Incorporated at Companies House, Cardiff.
Registered Office: Langley Gate, Swindon Road, Chippenham, Wiltshire, SN15 5SE.  Vat Reg No
762 8082 16. 

This email has been scanned by the Symantec Email service.
For more information please visit
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message